Constangy Clips Ep. 10 - 3 Ways the GDPR Is Evolving with Today’s Tech Landscape
The Privacy Insider Podcast Episode 14: The Pig Around the Corner: Privacy and Trade with Constantine Karbaliotis of nNovation LLP
No Password Required: Founder of Cybersafe Foundation and an Obama Foundation Africa Leaders Fellow, Who Is Comfortable in the API Kitchen
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
Compliance with the New EU-US Data Privacy Framework
Life With GDPR - Data Transfer Update
Anonymization and AI: Critical Technologies for Moving eDiscovery Data Across Borders
Digital Trade: Key Trends and Developments to Watch
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
I Wish I Knew What I Know Now: Conversations with AGG on FDA Issues - Data Privacy Issues Life Sciences Companies May Encounter
In-house Roundhouse: Antitrust and the Tech Industry
Cross-Border Data Transfers and the EU-US Data Privacy Tug of War
Privacy Talk | The New Swiss Data Protection Act
Compliance Perspectives: The Privacy and Data Security Track at the 2020 Compliance & Ethics Institute
Update on Global Data Privacy Regulations by John Jackson
Nota Bene Episode 93: Navigating the New Global Cybersecurity Compliance Landscape with Scott Giordano
What's Next after the Schrems II Decision of ECJ
Compliance Perspectives: The End of the Privacy Shield
Nota Bene Episode 89: European Q3 Check In - Merger Clearance and Data Protection Court Rulings and Brexit Updates with Oliver Heinisch
IAPP Global Privacy Summit Recap, Big Questions, and Indiana Jones Analogies
The rise of artificial intelligence (AI) and its widespread availability offers significant growth opportunities for businesses. However, it necessitates a robust governance framework to ensure compliance with regulatory...more
As of July 9, the U.S. Department of Justice has begun full enforcement of a sweeping new data regulation known as the Sensitive Data Rule, or “SDR.” Implemented under President Biden’s Executive Order 14117, the SDR marks a...more
The DUAA introduces several reforms to UK data protection law, but their implications are relatively limited in practice. The Data (Use and Access) Act 2025 (the DUAA) was enacted on 19 June 2025 and amends rather than...more
On 4 June 2025, the European Data Protection Board published guidelines clarifying how EU-based companies should assess requests from foreign authorities for access to EU personal data. The EDPB emphasizes that such requests...more
The U.S. Department of Justice (DOJ) is set to enforce its sweeping new rule on certain U.S. data transactions with countries of concern and covered persons as of July 9, 2025. The new rule regarding “Preventing Access to...more
On 19 June 2025 the Data (Use and Access) Act (the "DUA Act") received Royal Assent and became law in the UK, having been passed by the UK Parliament on 11 June 2025. The DUA Act principally reforms the General Data...more
The Department of Justice’s (DOJ) 90-day grace period for compliance with the Data Security Program (DSP) ends on July 8, 2025, and enforcement is expected to begin. This regulatory regime was created for national security...more
Unlike other sectors, US healthcare businesses must reconcile cost-saving strategies with stringent compliance obligations, especially when patient data crosses national borders or is accessed overseas....more
Orrick Partners Matthew Coleman and Jeanine McGuinness join RegFi co-hosts Jerry Buckley and Sherry Safchuk to explore the implications of the Justice Department’s recent issuance of a final rule prohibiting and restricting...more
China’s primary data regulator, the Cyberspace Administration of China (CAC), released two sets of Q&As with respect to exporting data from China, one in April and one in May. The questions were selected from those raised...more
The launch of the Global Cross Border Privacy Rules (CBPR) and Privacy Rules for Processors (PRP) systems on June 2, 2025 offers a framework to manage increasingly difficult standards for global data privacy governance....more
In August 2024, China Judgements Online published a ruling issued by the Guangzhou Internet Court on September 8, 2023, in a case widely regarded as China’s first judicial decision addressing cross-border personal information...more
In recognition of the GDPR's 7th anniversary on May 25, 2025, Constangy Cyber Team member Matthew Basilotto explores how the European Union’s General Data Protection Regulation (GDPR) continues to adapt in the face of...more
As questions of trust, surveillance, and data sovereignty become central to global trade, businesses face mounting pressure to prove not just compliance but true accountability. That’s why we turned to Constantine...more
Health Insurance Portability and Accountability Act (HIPAA)-covered entities and business associates should be familiar with restrictions on the use or disclosure of protected health information (PHI) under HIPAA rules....more
On April 11, 2025, the Department of Justice’s (DOJ) National Security Division (NSD) released an Implementation and Enforcement Policy, a Compliance Guide, and a list of over 100 Frequently Asked Questions (FAQs) to help...more
Malaysia’s newly released Cross Border Personal Data Transfer Guidelines mark a groundbreaking shift in its data protection regulatory landscape, requiring data controllers to conduct Transfer Impact Assessments and implement...more
On April 8, the U.S. Department of Justice’s (DOJ) Final Rule, codified at 28 CFR Part 202, (Final Rule), implementing President Biden’s Executive Order 14117 “Preventing Access to U.S. Sensitive Personal Data and...more
Are you using artificial intelligence in your business operations? Do you have AI embedded in the goods and services you offer customers? The regulatory framework applicable to AI continues to develop, including across US...more
U.S. organizations should carefully review and ensure their privacy and cybersecurity practices comply with a wide-ranging new federal rule establishing data transfer restrictions regarding sensitive U.S. personal data. The...more
If you are a compliance professional for a U.S.-based company, you have probably been told at some point that you have to worry about the General Data Protection Regulation (GDPR). Have you encountered one of these...more
The Department of Justice’s National Security Division (NSD) released several documents on April 11, 2025, to assist entities that must comply with the Final Rule regulating or prohibiting the transfer of bulk U.S. sensitive...more
On April, 8 2025, the Department of Justice’s final rule, implementing the Biden-era Executive Order 14117 restricting the transfer of Americans’ Sensitive Personal Data and United States Government-Related Data to countries...more
DOJ rule to implement Executive Order 14117, which restricts the exchange of sensitive personal data with certain “countries of concern,” took effect April 8. The order, which was issued under the prior administration,...more
A new U.S. federal rule restricts bulk sharing of sensitive personal information and governmental information with certain countries, for some key industries. In December 2024, the Department of Justice issued a comprehensive...more